Setup compose environment for local testing

.gitignore

@@ -0,0 +1 @@
+github-pat.txt

Containerfile

@@ -7,7 +7,8 @@ ENV PGUSER glvd
 ENV PGPASSWORD glvd
 
 ENV GLVD_TRIAGE_FILE sample.yaml
-ENV PAT YOUR_PAT
+
+ENV PAT NOT_SET
 
 RUN apt-get update && apt-get install -y postgresql-client curl python3-yaml git
 

asserts-entrypoint.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+echo "$PGHOST:$PGPORT:$PGDATABASE:$PGUSER:$PGPASSWORD" > ~/.pgpass
+chmod 0600 ~/.pgpass
+
+psql -c "select * from public.cve_context where create_date > now() - interval '1 day';" glvd > /tmp/results.txt
+
+if grep -q 'CVE-' /tmp/results.txt; then
+  echo "ok"
+fi

asserts.Containerfile

@@ -0,0 +1,13 @@
+FROM debian:trixie
+
+ENV PGHOST glvd
+ENV PGPORT 5432
+ENV PGDATABASE glvd
+ENV PGUSER glvd
+ENV PGPASSWORD glvd
+
+RUN apt-get update && apt-get install -y postgresql-client
+
+COPY asserts-entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

compose.yaml

@@ -19,32 +19,46 @@ services:
       start_period: 30s
       timeout: 10s
 
-# fixme(fwilhe): depends_on does not seem to work with podman compose?
-
-  # glvd-init:
-  #   image: ghcr.io/gardenlinux/glvd-init:latest
-  #   networks:
-  #     - glvd-triage-IT
-  #   depends_on:
-  #     glvd-postgres:
-  #       condition: service_healthy
-  #       restart: false
-  #   environment:
-  #     PGHOST: glvd-postgres
+  glvd-init:
+    image: ghcr.io/gardenlinux/glvd-init:latest
+    networks:
+      - glvd-triage-IT
+    depends_on:
+      glvd-postgres:
+        condition: service_healthy
+        restart: false
+    environment:
+      PGHOST: glvd-postgres
 
-  # glvd-triage:
-  #   build:
-  #     dockerfile: ./Containerfile
-  #   networks:
-  #     - glvd-triage-IT
-  #   depends_on:
-  #     glvd-init:
-  #       condition: service_completed_successfully
-  #       restart: false
-  #   environment:
-  #     PGHOST: glvd-postgres
-  #     PAT: TODO
+  glvd-triage:
+    build:
+      dockerfile: ./Containerfile
+    networks:
+      - glvd-triage-IT
+    depends_on:
+      glvd-init:
+        condition: service_completed_successfully
+        restart: false
+    environment:
+      PGHOST: glvd-postgres
+    secrets:
+      - github_pat
 
+  glvd-triage-assert:
+    build:
+      dockerfile: ./asserts.Containerfile
+    networks:
+      - glvd-triage-IT
+    depends_on:
+      glvd-triage:
+        condition: service_completed_successfully
+        restart: false
+    environment:
+      PGHOST: glvd-postgres
 
 networks:
   glvd-triage-IT: {}
+
+secrets:
+  github_pat:
+    file: github-pat.txt

entrypoint.sh

@@ -3,6 +3,16 @@
 echo "$PGHOST:$PGPORT:$PGDATABASE:$PGUSER:$PGPASSWORD" > ~/.pgpass
 chmod 0600 ~/.pgpass
 
+if [[ $PAT == "NOT_SET" ]]; then
+    if [[ -f /run/secrets/github_pat ]]; then
+        PAT=$(cat /run/secrets/github_pat)
+    else
+        echo GitHub PAT not set.
+        exit 1
+    fi
+fi
+
+
 git clone --depth=1 https://"$PAT"@github.com/gardenlinux/glvd-triage-data /data/
 
 python3 /cli.py > /triage.sql

sample.yaml

@@ -22,3 +22,7 @@
   description: |
     This was already patched in https://github.com/gardenlinux/package-libxml2/releases/tag/2.12.7%2Bdfsg-3gardenlinux0.
 
+    This is a multi line string, it may use *Markdown*.
+
+    There may be empty lines, but make sure the multi line string is properly formatted.
+    See https://yaml-multiline.info for syntax info.